Solved Dwm.exe in AppData\local\temp\msupdate71 consumes 100% of CPU

Hendry Lukito · Oct 11, 2014

I have read several way to clean this malware, which is very painful.
the process always started up every time I delete it, even from safe mode.

I'll be very thankful to you guys if you help me despite my intent. I want your pro assistance and I'll follow everything you tell me to do! Thanks again!

Broni · Oct 11, 2014

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Hendry Lukito · Oct 12, 2014

Here you go:

1. MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2014
Scan Time: 3:06:16 PM
Logfile: Scan mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.12.01
Rootkit Database: v2014.10.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hendry Lukito

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459482
Time Elapsed: 20 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

2. DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Hendry Lukito at 15:41:23 on 2014-10-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1028.18.28559.20901 [GMT 8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\afasrv64.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\HENDRY~1\AppData\Local\Temp\msupdate71\dwm.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TreeAgePro2011\treeagepro.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Windows Live ID ??????: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd
uRun: [SRS Premium Sound] "C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_x64.exe" /hideme
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USBestCR] C:\Program Files (x86)\SmartCardReader\iconcs236856.exe RunFromReg
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: ??? Microsoft Excel(&X) - <no file>
IE: ??? OneNote(&N) - <no file>
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: ??? OneNote(&N) - <no file>
IE: ??? Microsoft Excel(&X) - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [USBestCR] C:\Program Files (x86)\SmartCardReader\iconcs236856.exe RunFromReg
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-8-7 283064]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/21 09:03:57];C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 146928]
R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe --> C:\Windows\System32\afasrv64.exe [?]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-9-21 133800]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-11 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-11 860472]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2012-6-12 220104]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-3-22 169752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-11 122584]
R3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MSOLAP$BUNJIRA;SQL Server Analysis Services (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [2011-9-22 43801448]
S2 MSSQL$BUNJIRA;SQL Server (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [2014-7-12 58387104]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-11 63704]
S3 MSSQLFDLauncher$BUNJIRA;SQL Full-text Filter Daemon Launcher (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-7 19456]
S3 SRS_PremSoundMon;SRS for Monitors;C:\Windows\System32\drivers\SRS_PremSoundMon_amd64.sys [2014-10-10 158576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-7 56832]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-4 59744]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
.
=============== Created Last 30 ================
.
2014-10-12 03:52:56 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0F39176-7BC7-4F76-808B-4056130E2AA8}\mpengine.dll
2014-10-11 22:05:01 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-11 10:35:48 -------- d-----w- C:\temp
2014-10-10 18:31:29 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-10 18:30:28 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-10 18:30:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-10 18:30:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-10 18:30:28 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-10 18:30:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 17:45:12 -------- d-----w- C:\Program Files (x86)\Windows Kits
2014-10-10 17:44:53 -------- d-----w- C:\ProgramData\Package Cache
2014-10-10 06:29:56 -------- d-----w- C:\Users\Hendry Lukito\AppData\Local\SRS Labs
2014-10-10 06:29:27 158576 ----a-w- C:\Windows\System32\drivers\SRS_PremSoundMon_amd64.sys
2014-10-10 06:26:18 -------- d-----w- C:\Program Files (x86)\ViewSonic
2014-10-09 13:43:13 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\337Games
2014-10-09 13:41:55 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\SimpleFiles
2014-10-09 10:58:51 -------- d-----w- C:\Program Files (x86)\MathWave
2014-10-03 04:54:14 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88FE5B43-4AE3-420A-AF36-C4FFC838A2AD}\gapaengine.dll
2014-10-01 14:07:23 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-01 14:07:23 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-24 07:11:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 07:11:47 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 05:58:12 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\MedCalc Software
2014-09-14 12:04:51 -------- d-----w- C:\Program Files (x86)\MSECache
2014-09-13 11:17:32 -------- d-----w- C:\Program Files (x86)\Team17
.
==================== Find3M ====================
.
2014-09-24 03:57:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 03:57:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-07 12:01:10 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-08-07 09:48:25 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-08-07 09:30:40 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-24 18:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 15:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-17 10:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 10:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 15:42:05.33 ===============

Hendry Lukito · Oct 12, 2014

Sorry I need to put the attach.txt in attachment. It's a way too long to post it here as plain text.
Thank for your consideration.

Broni · Oct 12, 2014

Please observe forum rules.
All logs have to be pasted not attached.
If some log exceeds 50,000 characters post limit, split it into a couple of replies.

Hendry Lukito · Oct 12, 2014

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2011 8:10:01 AM
System Uptime: 10/11/2014 11:39:03 AM (28 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | BM6660(BM6360)
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 35.428 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 134.066 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0.064 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 977 GiB total, 919.032 GiB free.
H: is FIXED (NTFS) - 1071 GiB total, 274.085 GiB free.
I: is CDROM ()
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 931 GiB total, 828.427 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel(R) 82579LM Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_1502&SUBSYS_844E1043&REV_05\3&11583659&0&C8
Manufacturer: Intel
Name: Intel(R) 82579LM Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1502&SUBSYS_844E1043&REV_05\3&11583659&0&C8
Service: e1cexpress
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1007\575834314533344C4D303433&1
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1007\575834314533344C4D303433&1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
?????? 7.0 ???
64 Bit HP CIO Components Installer
ACDSee Pro 3
Adobe Acrobat X Pro - English, Fran?is, Deutsch
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 12.0
Age of Empires III - Complete Collection
Counter-Strike 1.6
CPUID CPU-Z 1.70
CustomerResearchQFolder
CyberLink PowerDVD 9
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
EasyFit 5.5
Facebook Video Calling 3.1.0.521
GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit)
GDR 5512 for SQL Server 2008 (KB2716436) (64-bit)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit)
Google Chrome
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Customer Participation Program 10.0
HP LaserJet P2050 Series 6.0
hppFonts
hppQFolderP2050
hppusgP2050
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 15.6.25.0
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Internet Download Manager
Java 7 Update 67
Java 7 Update 67 (64-bit)
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.7.0 (64-bit)
K-Lite Mega Codec Pack 7.6.0
Kits Configuration Installer
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
MATLAB R2009a
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (????)
Microsoft .NET Framework 4.5.1 (CHT)
Microsoft Access database engine 2010 (English)
Microsoft Access MUI (Chinese (Traditional)) 2013
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (Chinese (Traditional)) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (Chinese (Traditional)) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (Chinese (Traditional)) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (Chinese (Traditional)) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (Chinese (Traditional)) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office ???? 2013 - ????
Microsoft Office 2003 Web Components
Microsoft Office 32-bit Components 2013
Microsoft Office Access database engine 2007 (English)
Microsoft Office File Validation Add-In
Microsoft Office Language Pack 2013 - English
Microsoft Office O MUI (English) 2013
Microsoft Office OSM MUI (Chinese (Traditional)) 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (Chinese (Traditional)) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Outlook Connector
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (Chinese (Traditional)) 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (Chinese (Traditional)) 2013
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (Chinese (Traditional)) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (Chinese (Traditional)) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (Chinese (Traditional)) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (Chinese (Traditional)) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (Chinese (Traditional)) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharePoint Designer MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Books Online
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x64)
Microsoft Sync Services for ADO.NET v2.0 (x64)
Microsoft Visio Language Pack 2013 - English
Microsoft Visio MUI (Chinese (Traditional)) 2013
Microsoft Visio MUI (English) 2013
Microsoft Visio Professional 2013
Microsoft VisMUI (English) 2013
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual Studio 2007 Tools for Applications - ENU ? Hotfix (KB947789)
Microsoft Visual Studio 2008 Shell (integrated mode) - CHT
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - CHT
Microsoft Word MUI (Chinese (Traditional)) 2013
Microsoft Word MUI (English) 2013
Microsoft X MUI (English) 2013
Microtek ScanWizard
MINITAB 14
MP3 Cutter 1.1.1
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Lite
NetTalk By True
Nitro Pro 8
Notepad++
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF-Viewer
PowerDVD
R for Windows 3.1.0
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RStudio
ScanWizard 5
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft SharePoint Designer 2013 (KB2752096) 64-Bit Edition
Security Update for Microsoft SharePoint Designer 2013 (KB2863836) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Skype Click to Call
Skype™ 6.16
Smart Card Reader Driver 1.0.7.73
SPSS 16.0
SQL Server 2008 (KB2546951) ? Service Pack 3 (64-bit)
SQL Server 2008 R2 ? Service Pack 1 (KB2528583) (64-bit)
SQL Server 2008 R2 Reporting Services
SQL Server 2008 R2 SP1 Analysis Services
SQL Server 2008 R2 SP1 BI Development Studio
SQL Server 2008 R2 SP1 Client Tools
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
SQL Server 2008 R2 SP1 Full text search
SQL Server 2008 R2 SP1 Integration Services
SQL Server 2008 R2 SP1 Management Studio
SQL Server 2008 R2 SP1 Reporting Services
Sql Server Customer Experience Improvement Program
swMSM
TreeAge Pro 2011
TreeAge Pro Excel
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition
WebReg
Weka 3.6.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit EULA
WinRAR 4.11 (64-bit)
Worms Reloaded
WPT Redistributables
WPTx64
.

Hendry Lukito · Oct 12, 2014

==== Event Viewer Messages From Past Week ========
.
10/9/2014 9:44:11 PM, Error: Service Control Manager [7031] - The Update Adanak service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/9/2014 10:02:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user USER-PC\Hendry Lukito SID (S-1-5-21-2917960761-3470745484-3326223250-1211) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/8/2014 2:15:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Reporting Services (BUNJIRA) service to connect.
10/8/2014 2:15:09 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (BUNJIRA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/8/2014 2:13:38 AM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 1922 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/12/2014 3:41:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ReportServer service.
10/12/2014 3:37:29 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.146 did not allow the name to be claimed by this computer.
10/12/2014 3:36:06 PM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
10/11/2014 5:12:03 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.183 did not allow the name to be claimed by this computer.
10/11/2014 4:31:03 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.141 did not allow the name to be claimed by this computer.
10/11/2014 2:14:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Integration Services 10.0 service to connect.
10/11/2014 2:14:27 AM, Error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2014 11:42:49 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB} because another computer on the network has the same name. The server could not start.
10/11/2014 11:42:49 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.183 did not allow the name to be claimed by this computer.
10/11/2014 11:42:27 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 569 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:41:36 AM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2014 11:41:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.
10/11/2014 11:41:11 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 568 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:40:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (BUNJIRA) service to connect.
10/11/2014 11:40:34 AM, Error: Service Control Manager [7000] - The SQL Server (BUNJIRA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2014 11:39:56 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 567 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:39:34 AM, Error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
10/11/2014 11:26:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:26:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/11/2014 11:26:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/11/2014 11:26:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/11/2014 11:26:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/11/2014 11:26:03 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 556 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:26:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/11/2014 11:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/11/2014 11:25:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/11/2014 11:25:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/11/2014 11:25:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/11/2014 11:24:48 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 555 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:23:32 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 554 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:22:16 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 553 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The ReportServer$BUNJIRA service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The MSSQLFDLauncher service was unable to log on as NT AUTHORITY\LOCALSERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The ICCS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/11/2014 11:22:14 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (BUNJIRA) service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The pipe has been ended.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
10/11/2014 11:21:00 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 552 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 11:20:24 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.141 did not allow the name to be claimed by this computer.
10/11/2014 11:19:49 AM, Error: Service Control Manager [7024] -
10/10/2014 4:20:19 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.120 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

Broni · Oct 13, 2014

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download

Malwarebytes Anti-Rootkit to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"

Hendry Lukito · Oct 14, 2014

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hendry Lukito [Administrator]
Mode : Delete -- Date : 10/14/2014 23:09:22

¤¤¤ Processes : 2 ¤¤¤
[Hj.Name|Suspicious.Path] dwm.exe -- C:\Users\Hendry Lukito\AppData\Local\Temp\msupdate71\dwm.exe[-] -> Killed [TermProc]
[Suspicious.Path] rundll32.exe -- C:\Users\HENDRY~1\AppData\Local\Temp\mdi564.dll[-] -> Unloaded

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Windows\CurrentVersion\Run | tsiVideo : C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd [7][-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Windows\CurrentVersion\Run | tsiVideo : C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd -> ERROR [2]
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Hendry Lukito_ON_G_828B\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Hendry Lukito_ON_G_828B\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...X-221CA1_WD-WCAYUZ76100161001&q={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...X-221CA1_WD-WCAYUZ76100161001&q={searchTerms} -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++
--- User ---
[MBR] ed5c122b228d6dcfcc951f7614ade5b3
[BSP] 3dd109c92acdeda14f172544d7033f6e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208845 | Size: 238370 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488392065 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST4000DM000-1F2168 ATA Device +++++
--- User ---
[MBR] 8a668a7441e00a6fd579fa90e706b0f9
[BSP] 2f28e7944086e2f0b154a1ea58adc9d3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1000000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048206848 | Size: 1097051 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic Storage Device USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic Storage Device USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_10142014_230756.log

Hendry Lukito · Oct 14, 2014

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17280
Hendry Lukito :: USER-PC [administrator]

10/14/2014 11:21:58 PM
mbar-log-2014-10-14 (23-21-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 461287
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17280

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 29946507264, free: 21514215424

Downloaded database version: v2014.10.14.09
Downloaded database version: v2014.10.11.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FCC58E5

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 208782
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 208845 Numsec = 488183220

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 488392065 Numsec = 488376000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B6A494A7

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 2048000000

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048206848 Numsec = 2246760448

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4000787030016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Hendry Lukito · Oct 14, 2014

I thought the RogueKiller was able to delete the dwm.exe in msupdate17 folder.

Broni · Oct 14, 2014

I think it only killed that process.
We'll keep checking.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Hendry Lukito · Oct 14, 2014

ComboFix 14-10-13.01 - Hendry Lukito 10/15/2014 11:15:39.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1028.18.28559.23647 [GMT 8:00]
Running from: c:\users\Hendry Lukito\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\tbinst
c:\windows\SysWow64\eventmgr.exe
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-09-15 to 2014-10-15 )))))))))))))))))))))))))))))))
.
.
2014-10-15 03:21 . 2014-10-15 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-14 15:21 . 2014-10-14 15:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-14 15:04 . 2014-10-14 15:04 -------- d-----w- c:\users\Hendry Lukito\AppData\Local\CrashDumps
2014-10-14 15:03 . 2014-10-14 15:03 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-14 15:03 . 2014-10-14 15:03 -------- d-----w- c:\programdata\RogueKiller
2014-10-14 03:50 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EE1B628-0D11-4D30-8815-8989E1A984E0}\mpengine.dll
2014-10-13 03:50 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-11 10:35 . 2014-10-11 10:35 -------- d-----w- C:\temp
2014-10-10 18:31 . 2014-10-15 03:16 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-10 18:30 . 2014-10-15 02:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-10 18:30 . 2014-10-10 18:30 -------- d-----w- c:\programdata\Malwarebytes
2014-10-10 18:30 . 2014-10-01 03:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-10 18:30 . 2014-10-01 03:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-10 18:30 . 2014-10-01 03:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-10 17:45 . 2014-10-10 17:45 -------- d-----w- c:\program files (x86)\Windows Kits
2014-10-10 17:44 . 2014-10-10 17:45 -------- d-----w- c:\programdata\Package Cache
2014-10-10 06:29 . 2014-10-10 06:29 -------- d-----w- c:\users\Hendry Lukito\AppData\Local\SRS Labs
2014-10-10 06:29 . 2010-04-28 02:32 158576 ----a-w- c:\windows\system32\drivers\SRS_PremSoundMon_amd64.sys
2014-10-10 06:26 . 2014-10-10 06:26 -------- d-----w- c:\program files (x86)\ViewSonic
2014-10-09 13:43 . 2014-10-09 13:45 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\337Games
2014-10-09 13:41 . 2014-10-09 13:41 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\SimpleFiles
2014-10-09 10:58 . 2014-10-09 10:58 -------- d-----w- c:\program files (x86)\MathWave
2014-10-03 04:54 . 2014-09-16 19:42 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88FE5B43-4AE3-420A-AF36-C4FFC838A2AD}\gapaengine.dll
2014-10-01 14:07 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 14:07 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 07:11 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 07:11 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-23 05:58 . 2014-09-23 05:58 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\MedCalc Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 03:57 . 2012-07-15 11:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 03:57 . 2011-09-21 01:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 06:42 . 2011-09-21 01:31 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 19:42 . 2014-08-13 12:33 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-12 01:47 . 2011-03-28 10:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-11 19:01 . 2011-09-21 01:33 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-05 02:10 . 2014-09-11 15:36 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-11 15:36 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-23 02:07 . 2014-08-27 18:58 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 18:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-27 18:58 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-11 19:12 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-11 19:12 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-11 19:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-11 19:12 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-11 19:12 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-11 19:12 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-11 19:12 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-11 19:12 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-11 19:12 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-11 19:12 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-11 19:12 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-11 19:12 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-11 19:12 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-11 19:12 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-11 19:12 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-11 19:12 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-11 19:12 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-11 19:12 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-11 19:12 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-11 19:12 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-11 19:12 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-11 19:12 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-11 19:12 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-11 19:12 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-11 19:12 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-11 19:12 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-11 19:12 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-11 19:12 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-11 19:12 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-11 19:12 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-11 19:12 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-11 19:12 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-11 19:12 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-11 19:12 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-11 19:12 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-11 19:12 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-11 19:12 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-11 19:12 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-11 19:12 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-11 19:12 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-11 19:12 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-11 19:12 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-07 12:01 . 2014-08-07 12:01 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-07 09:48 . 2014-08-07 09:48 319912 ----a-w- c:\windows\system32\javaws.exe
2014-08-07 09:48 . 2014-08-07 09:48 189352 ----a-w- c:\windows\system32\javaw.exe
2014-08-07 09:48 . 2014-08-07 09:48 189352 ----a-w- c:\windows\system32\java.exe
2014-08-07 09:48 . 2014-08-07 09:48 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-07 09:30 . 2014-08-07 09:30 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53 . 2014-09-11 15:37 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 15:37 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-24 18:35 . 2014-07-24 18:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 15:47 . 2014-07-24 15:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 10:05 . 2014-07-17 10:05 269008 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-17 10:05 . 2014-03-11 01:52 125584 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-01 854344]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-07-23 3858000]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-10-05 112152]
"USBestCR"="c:\program files (x86)\SmartCardReader\iconcs236856.exe" [2011-09-21 7377920]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MSOLAP$BUNJIRA;SQL Server Analysis Services (BUNJIRA);c:\program files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe;c:\program files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [x]
R2 MSSQL$BUNJIRA;SQL Server (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [x]
R2 ReportServer$BUNJIRA;SQL Server Reporting Services (BUNJIRA);c:\program files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSSQLFDLauncher$BUNJIRA;SQL Full-text Filter Daemon Launcher (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [x]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SQLAgent$BUNJIRA;SQL Server Agent (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE [x]
R3 SRS_PremSoundMon;SRS for Monitors;c:\windows\system32\drivers\srs_PremSoundMon_amd64.sys;c:\windows\SYSNATIVE\drivers\srs_PremSoundMon_amd64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/21 09:03];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) ?????;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-07 21:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 03:57]
.
2014-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10 14:06]
.
2014-10-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job
- c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10 14:06]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07 06:39]
.
2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07 06:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBestCR"="c:\program files (x86)\SmartCardReader\iconcs236856.exe" [2011-09-21 7377920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 442352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
IE: ??? Microsoft Excel(&X)
IE: ??? OneNote(&N)
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: ??? OneNote(&N) - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: ??? Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-SRS Premium Sound - c:\program files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_x64.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Hendry Lukito\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAIN4YaXEkdkWch2iBh+uVTQAAAAACAAAAAAAQZgAAAAEAACAAAABBsASF72sZkOOBeMlb/cqbD1F6jF3g3py6pTZWs7YhdAAAAAAOgAAAAAIAACAAAACOfPYbPTFjwsrc1FpJsHPOuvdoe6IDFMhyXsqT3NrIPSAAAADItYYQdQDGXZOD/2/U5KnOB7dDA8ykI2VKhTQF1f+AdkAAAADi7wuADZ6OUU20DLzU+/xtuqesq/qJpq8p095NQDrFJqrhhXqDG811WsN2Puls4I0sfkPb4ZPdN/Run0crYu8m"
.
[HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):70,10,76,99,67,8d,d1,08
"DeltaClock"=hex(b):04,e5,d4,fa,ff,ff,ff,ff
"LastNtpServer"="time.nist.gov"
.
[HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6f,6e,e1,3a,e0,ce,4f,63,2f,2e,06,82,63,8d,da,0e,df,14,36,c5,36,
16,65,4b,71,b3,e3,41,ec,a2,74,27,39,13,d4,86,ff,45,a8,96,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{abde0e78-4553-4383-895e-b355c633ebe5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011b
"Therad"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00Custom\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\DsSpooler]
"driverName"="Send to Microsoft OneNote 15 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="??? OneNote 2013"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\USER-PC\\??? OneNote 2013"
"serverName"="USER-PC"
"shortServerName"="USER-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ac,13,d8,c0,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:c0d813ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 1 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 2 ) ]
"PrinterOnLine"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 3 ) ]
"PrinterOnLine"=dword:00000000
.
Completion time: 2014-10-15 11:23:02
ComboFix-quarantined-files.txt 2014-10-15 03:23
.
Pre-Run: 44,957,704,192 bytes free
Post-Run: 55,452,467,200 bytes free
.
- - End Of File - - 4AEB144456971F6A75F2381070DBAB24
A36C5E4F47E84449FF07ED3517B43A31

Broni · Oct 15, 2014

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

Hendry Lukito · Oct 18, 2014

The Adwcleaner delete this file: C:\Windows\System32\roboot64.exe
since it is located in system32 folder, I'm little bit affraid. what is that file?

# AdwCleaner v4.000 - Report created 18/10/2014 at 11:54:23
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Hendry Lukito - USER-PC
# Running from : C:\Users\Hendry Lukito\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Hendry Lukito\AppData\Roaming\337Games
Folder Deleted : C:\Users\USER\AppData\Local\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\evan\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\MA007\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\USER\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\USER\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Hendry Lukito\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\USER\AppData\Roaming\Systweak
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\Extensions\bbrs_002@blabbers.com
Folder Deleted : C:\Users\evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Folder Deleted : C:\Users\MA007\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Folder Deleted : C:\Users\MA007\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\searchplugins\Askcom.xml
File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3 (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3 (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freemind_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freemind_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger(2)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger(2)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Vittalia
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v38.0.2125.101

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [12425 octets] - [18/10/2014 11:50:19]
AdwCleaner[S0].txt - [12157 octets] - [18/10/2014 11:54:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12218 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Ultimate x64
Ran by Hendry Lukito on Sat 10/18/2014 at 12:01:15.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_englobal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_englobal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_englobal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_englobal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{60845B29-42A7-4F2E-AC43-EAC7E4A7FED1}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/18/2014 at 12:03:54.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hendry Lukito · Oct 18, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Hendry Lukito (administrator) on USER-PC on 18-10-2014 12:06:38
Running from C:\Users\Hendry Lukito\Desktop
Loaded Profile: Hendry Lukito (Available profiles: USER & MA007 & Hendry Lukito)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Chinese (Traditional, Taiwan)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\SysWOW64\afasrv64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\SmartCardReader\iconcs236856.exe [7377920 2011-09-21] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-10-05] (Intel Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\SmartCardReader\iconcs236856.exe [7377920 2011-09-21] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2009-11-20] (cyberlink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [30264 2009-10-06] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBBCDA8A0E1B6CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID 登入協助程式 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-18]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hendry Lukito\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hendry Lukito\AppData\Roaming\IDM\idmmzcc5 [2014-08-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR Profile: C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
CHR Extension: (YouTube) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (Google Search) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (Google Science Fair 2013) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjffdefaanlfiepeblccfimklhmonjf [2014-08-07]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-07]
CHR Extension: (Photo Zoom for Twitter) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc [2014-08-07]
CHR Extension: (TiltShiftMaker) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2014-08-07]
CHR Extension: (IDM Integration Module) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-08-07]
CHR Extension: (Classic Retweet) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejfljhfeahhhicjefeehikaooffggmf [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR Extension: (Gmail) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2011-09-21] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220104 2012-06-12] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 MSOLAP$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [43801448 2011-09-22] (Microsoft Corporation)
S2 MSSQL$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S3 MSSQLFDLauncher$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [34840 2008-07-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62118344 2012-06-12] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54791520 2011-06-17] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-06] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2180960 2011-06-17] (Microsoft Corporation)
S2 ReportServer$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2084712 2011-09-22] (Microsoft Corporation)
S3 SQLAgent$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASPI32; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SRS_PremSoundMon; C:\Windows\System32\drivers\srs_PremSoundMon_amd64.sys [158576 2010-04-28] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-14] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [146928 2009-11-19] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]

Hendry Lukito · Oct 18, 2014

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 12:06 - 2014-10-18 12:07 - 00025711 _____ () C:\Users\Hendry Lukito\Desktop\FRST.txt
2014-10-18 12:06 - 2014-10-18 12:06 - 00000000 ____D () C:\FRST
2014-10-18 12:03 - 2014-10-18 12:03 - 00001289 _____ () C:\Users\Hendry Lukito\Desktop\JRT.txt
2014-10-18 12:01 - 2014-10-18 12:01 - 00000000 ____D () C:\Windows\ERUNT
2014-10-18 11:56 - 2014-10-18 11:56 - 00000000 ___RD () C:\Users\Hendry Lukito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2014-10-18 11:50 - 2014-10-18 11:54 - 00000000 ____D () C:\AdwCleaner
2014-10-18 11:49 - 2014-10-18 11:49 - 02112000 _____ (Farbar) C:\Users\Hendry Lukito\Desktop\FRST64.exe
2014-10-18 11:48 - 2014-10-18 11:48 - 01976320 _____ () C:\Users\Hendry Lukito\Desktop\adwcleaner_4.000.exe
2014-10-18 11:48 - 2014-10-18 11:48 - 01705698 _____ (Thisisu) C:\Users\Hendry Lukito\Desktop\JRT.exe
2014-10-18 11:46 - 2014-10-18 11:46 - 00000174 _____ () C:\Users\Hendry Lukito\Documents\a.txt
2014-10-15 23:27 - 2014-10-07 10:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 23:27 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 23:27 - 2014-09-26 06:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 23:27 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 23:27 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 23:27 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 23:27 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 23:27 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 23:27 - 2014-09-26 06:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 23:27 - 2014-09-19 10:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 23:27 - 2014-09-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 23:27 - 2014-09-19 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 23:27 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 23:27 - 2014-09-19 09:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 23:27 - 2014-09-19 09:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 23:27 - 2014-09-19 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 23:27 - 2014-09-19 09:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 23:27 - 2014-09-19 09:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 23:27 - 2014-09-19 09:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 23:27 - 2014-09-19 09:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 23:27 - 2014-09-19 09:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 23:27 - 2014-09-19 09:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 23:27 - 2014-09-19 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 23:27 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 23:27 - 2014-09-19 09:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 23:27 - 2014-09-19 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 23:27 - 2014-09-19 09:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 23:27 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 23:27 - 2014-09-19 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 23:27 - 2014-09-19 09:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 23:27 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 23:27 - 2014-09-19 09:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 23:27 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 23:27 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 23:27 - 2014-09-19 09:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 23:27 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 23:27 - 2014-09-19 08:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 23:27 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 23:27 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 23:27 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 23:27 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 23:27 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 23:27 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 23:27 - 2014-09-19 08:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 23:27 - 2014-09-19 08:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 23:27 - 2014-09-19 08:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 23:27 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 23:27 - 2014-09-19 08:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 23:27 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 23:27 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 23:27 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 23:27 - 2014-09-19 08:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 23:27 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 23:27 - 2014-09-19 07:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 23:27 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 23:27 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 23:26 - 2014-09-29 08:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 23:26 - 2014-06-19 06:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 23:26 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 23:26 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 23:26 - 2014-06-19 06:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 23:26 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 23:26 - 2014-06-19 06:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 23:25 - 2014-08-19 11:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 23:25 - 2014-08-19 11:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 23:25 - 2014-08-19 11:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 23:25 - 2014-08-19 11:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 23:25 - 2014-08-19 11:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 23:25 - 2014-08-19 11:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 23:25 - 2014-08-19 11:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 23:25 - 2014-08-19 11:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 23:25 - 2014-08-19 11:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 23:25 - 2014-08-19 11:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 23:25 - 2014-08-19 10:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 23:25 - 2014-08-19 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 23:25 - 2014-08-19 10:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 23:25 - 2014-07-07 10:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 23:25 - 2014-07-07 10:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 23:25 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 23:25 - 2014-07-07 10:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 23:25 - 2014-07-07 10:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 23:25 - 2014-07-07 10:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 23:25 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 23:25 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 23:25 - 2014-07-07 10:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 23:25 - 2014-07-07 10:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 23:25 - 2014-07-07 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 23:25 - 2014-07-07 09:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 23:25 - 2014-07-07 09:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 23:25 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 23:25 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 23:25 - 2014-07-07 09:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 23:25 - 2014-07-07 09:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 23:25 - 2014-07-07 09:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 23:25 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 23:25 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 23:25 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 23:25 - 2014-06-28 08:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 23:25 - 2014-06-28 08:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 23:25 - 2014-06-28 08:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 23:23 - 2014-10-10 10:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 23:23 - 2014-10-10 10:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 23:23 - 2014-10-10 10:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 23:18 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 23:18 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 23:18 - 2014-08-29 10:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 23:17 - 2014-09-13 09:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 23:17 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 23:17 - 2014-09-05 10:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 23:17 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 23:17 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 23:17 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 23:17 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 23:17 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 23:17 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 23:17 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 23:17 - 2014-07-17 10:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 23:17 - 2014-07-17 10:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 23:17 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 23:17 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 23:17 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 23:17 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 23:17 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 21:24 - 2014-10-15 21:24 - 00063524 _____ () C:\Users\Hendry Lukito\Downloads\amoy.au
2014-10-15 17:12 - 2014-10-15 17:12 - 00002530 _____ () C:\Users\Hendry Lukito\Downloads\sciencef3eedbac.ris
2014-10-15 11:23 - 2014-10-15 11:23 - 00039527 _____ () C:\ComboFix.txt
2014-10-15 11:14 - 2014-10-15 11:23 - 00000000 ____D () C:\Qoobox
2014-10-15 11:14 - 2014-10-15 11:23 - 00000000 ____D () C:\ComboFix
2014-10-15 11:14 - 2014-10-15 11:22 - 00000000 ____D () C:\Windows\erdnt
2014-10-15 11:14 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-15 11:14 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-15 11:14 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-15 11:14 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-15 11:14 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-15 11:14 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-15 11:14 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-15 11:14 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-15 11:09 - 2014-10-15 11:09 - 05582915 ____R (Swearware) C:\Users\Hendry Lukito\Desktop\ComboFix.exe
2014-10-14 23:21 - 2014-10-14 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-14 23:18 - 2014-10-14 23:36 - 00000000 ____D () C:\Users\Hendry Lukito\Desktop\mbar
2014-10-14 23:17 - 2014-10-14 23:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Hendry Lukito\Desktop\mbar-1.07.0.1012.exe
2014-10-14 23:04 - 2014-10-14 23:04 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\CrashDumps
2014-10-14 23:03 - 2014-10-14 23:03 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-14 23:03 - 2014-10-14 23:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-14 23:01 - 2014-10-14 23:01 - 15677528 _____ () C:\Users\Hendry Lukito\Desktop\RogueKiller.exe
2014-10-12 15:42 - 2014-10-12 15:42 - 00536242 _____ () C:\Users\Hendry Lukito\Desktop\attach.txt
2014-10-12 15:42 - 2014-10-12 15:42 - 00023976 _____ () C:\Users\Hendry Lukito\Desktop\dds.txt
2014-10-12 15:39 - 2014-10-12 15:39 - 00688992 ____R (Swearware) C:\Users\Hendry Lukito\Downloads\dds.com
2014-10-12 15:37 - 2014-10-12 15:37 - 00001068 _____ () C:\Users\Hendry Lukito\Desktop\Scan mbam.txt
2014-10-12 01:45 - 2014-10-12 01:45 - 45744128 _____ () C:\DPC_Interrupt.etl
2014-10-11 18:35 - 2014-10-11 18:35 - 00000000 ____D () C:\temp
2014-10-11 02:31 - 2014-10-18 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 02:30 - 2014-10-15 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 02:30 - 2014-10-15 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-11 02:30 - 2014-10-11 02:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 02:30 - 2014-10-11 02:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-11 02:30 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 02:30 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 02:30 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 02:29 - 2014-10-11 02:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hendry Lukito\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-11 01:47 - 2014-10-12 01:45 - 42663936 _____ () C:\kernel.etl
2014-10-11 01:45 - 2014-10-11 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-10-11 01:45 - 2014-10-11 01:45 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-10-11 01:44 - 2014-10-11 01:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-11 01:42 - 2014-10-11 01:42 - 00991536 _____ (Microsoft Corporation) C:\Users\Hendry Lukito\Downloads\sdksetup.exe
2014-10-10 14:29 - 2014-10-10 14:29 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\SRS Labs
2014-10-10 14:29 - 2010-04-28 10:32 - 00158576 _____ () C:\Windows\system32\Drivers\SRS_PremSoundMon_amd64.sys
2014-10-10 14:26 - 2014-10-10 14:26 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
2014-10-10 14:26 - 2014-10-10 14:26 - 00000000 ____D () C:\Program Files (x86)\ViewSonic
2014-10-10 14:24 - 2014-10-11 01:36 - 00000094 _____ () C:\Windows\VSWizard.ini
2014-10-09 18:58 - 2014-10-09 18:58 - 00002087 _____ () C:\Users\Hendry Lukito\Desktop\StatAssist 5.5.lnk
2014-10-09 18:58 - 2014-10-09 18:58 - 00001137 _____ () C:\Users\Hendry Lukito\Desktop\EasyFit 5.5 Professional.lnk
2014-10-09 18:58 - 2014-10-09 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathWave
2014-10-09 18:58 - 2014-10-09 18:58 - 00000000 ____D () C:\Program Files (x86)\MathWave
2014-10-01 22:07 - 2014-09-25 10:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 22:07 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 15:11 - 2014-09-10 06:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 15:11 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 13:58 - 2014-09-23 13:58 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Roaming\MedCalc Software
2014-09-23 10:46 - 2014-09-23 10:46 - 00055841 _____ () C:\Users\Hendry Lukito\Desktop\Monte Carlo Simulation Report.xls
2014-09-22 23:47 - 2014-09-22 23:47 - 00029184 _____ () C:\Users\Hendry Lukito\Downloads\Table 1 Population Statistics, 1999¡Ð2012 (1).xls
2014-09-22 23:44 - 2014-09-22 23:44 - 00036352 _____ () C:\Users\Hendry Lukito\Downloads\Table 2 Cause of Death, 1999¡Ð2012.XLS
2014-09-22 23:44 - 2014-09-22 23:44 - 00029184 _____ () C:\Users\Hendry Lukito\Downloads\Table 1 Population Statistics, 1999¡Ð2012.xls
2014-09-22 23:43 - 2014-09-22 23:43 - 03613184 _____ () C:\Users\Hendry Lukito\Downloads\2013 statistics of causes of death.xls
2014-09-22 14:38 - 2014-10-13 18:51 - 00000336 _____ () C:\Windows\ODBC.INI
2014-09-21 19:54 - 2014-09-21 19:54 - 00000219 _____ () C:\Users\Hendry Lukito\Downloads\Economic_Evaluation_in_Health_Care.enw
2014-09-21 17:18 - 2014-09-21 17:18 - 01041596 _____ () C:\Users\Hendry Lukito\Documents\.RData
2014-09-19 14:51 - 2014-09-19 14:51 - 00000164 _____ () C:\Users\Hendry Lukito\Downloads\Reliability_Based_Mechanical_Design.enw

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 12:05 - 2009-07-14 12:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 12:05 - 2009-07-14 12:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 12:02 - 2011-09-21 08:09 - 02073526 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 11:58 - 2014-08-07 17:03 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USER-PC-Hendry Lukito USER-PC
2014-10-18 11:58 - 2012-07-15 19:30 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 11:56 - 2014-08-07 14:39 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 11:55 - 2014-01-03 13:35 - 00021811 _____ () C:\Windows\setupact.log
2014-10-18 11:55 - 2011-09-21 09:13 - 01427344 _____ () C:\Windows\PFRO.log
2014-10-18 11:55 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 11:44 - 2014-08-07 14:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 10:11 - 2013-11-10 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job
2014-10-17 22:11 - 2013-11-10 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job
2014-10-17 14:46 - 2014-08-07 14:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-17 13:46 - 2009-07-14 17:21 - 00782738 _____ () C:\Windows\system32\prfh0404.dat
2014-10-17 13:46 - 2009-07-14 17:21 - 00284936 _____ () C:\Windows\system32\prfc0404.dat
2014-10-17 13:46 - 2009-07-14 13:13 - 02403322 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 21:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 20:28 - 2009-07-14 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 20:18 - 2009-07-14 12:45 - 00799856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 18:45 - 2011-09-21 08:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 18:45 - 2009-07-14 10:34 - 00000505 _____ () C:\Windows\win.ini
2014-10-16 18:44 - 2014-08-07 16:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-16 18:36 - 2013-08-06 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 18:29 - 2011-09-21 09:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 18:27 - 2014-08-07 15:01 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Roaming\DMCache
2014-10-15 11:21 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-12 01:34 - 2014-05-23 00:02 - 00000000 ____D () C:\Users\Hendry Lukito\Downloads\Compressed
2014-10-11 10:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system
2014-10-11 10:25 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Speech
2014-10-11 01:36 - 2011-09-21 08:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-10 20:59 - 2014-08-10 21:52 - 00000000 ____D () C:\Users\Hendry Lukito\Documents\MATLAB
2014-10-10 14:31 - 2014-08-06 19:09 - 00187504 _____ () C:\Users\Hendry Lukito\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 21:47 - 2014-08-06 19:09 - 00001377 _____ () C:\Users\Hendry Lukito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-09 18:59 - 2012-04-06 17:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-09 18:53 - 2014-09-14 20:04 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-10-09 13:32 - 2014-05-23 00:02 - 00000000 ____D () C:\Users\Hendry Lukito\Downloads\Video
2014-10-04 00:47 - 2013-10-18 14:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-30 13:45 - 2014-08-07 14:07 - 00000000 ____D () C:\Users\Hendry Lukito\Documents\SQL Server Management Studio
2014-09-25 23:49 - 2014-08-06 19:09 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\Microsoft Help
2014-09-24 11:57 - 2012-07-15 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 11:57 - 2012-07-15 19:30 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 11:57 - 2011-09-21 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 14:42 - 2011-09-21 09:31 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe
C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 05:10

==================== End Of Log ============================

Hendry Lukito · Oct 18, 2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Hendry Lukito at 2014-10-18 12:07:56
Running from C:\Users\Hendry Lukito\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.475 - ACD Systems International Inc.)
Adobe Acrobat X Pro - English, Fran蓷is, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2320 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}) (Version: 9.00.0000 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B6FBF358-6B5E-4DE4-8BC5-892C87BBD3B4}) (Version: - Microsoft)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{B6FBF358-6B5E-4DE4-8BC5-892C87BBD3B4}) (Version: - Microsoft)
EasyFit 5.5 (HKLM-x32\...\EasyFit_is1) (Version: 5.5 - MathWave Technologies)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit) (HKLM\...\KB2716440) (Version: 10.51.2550.0 - Microsoft Corporation)
GDR 5512 for SQL Server 2008 (KB2716436) (64-bit) (HKLM\...\KB2716436) (Version: 10.3.5512.0 - Microsoft Corporation)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP LaserJet P2050 Series 6.0 (HKLM\...\{6F801026-6AF0-4520-9153-4C9B4CAAB361}) (Version: 6.0 - HP)
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppQFolderP2050 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppusgP2050 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Codec Pack 9.7.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.0 - )
K-Lite Mega Codec Pack 7.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
MATLAB R2009a (HKLM\...\MatlabR2009a) (Version: 7.8 - The MathWorks, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (CHT) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Access MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - English (HKLM\...\Office15.OMUI.en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office O MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 校訂工具 2013 - 繁體中文 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT) (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Analysis Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Full text search (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Books Online (HKLM-x32\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6A0F9093-6EDF-45B2-8783-9EB9D15F8339}) (Version: 10.51.2550.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Reporting Services (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Reporting Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visio Language Pack 2013 - English (HKLM\...\Office15.VisMUI.en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visio MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft VisMUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2007 Tools for Applications - ENU 的 Hotfix (KB947789) (HKLM-x32\...\{86BAE226-C93D-3803-9EED-A3C995B599BD}.KB947789) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - CHT (HKLM-x32\...\{E6B7E1B0-FAB8-3B7D-81EF-F9706E6621EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - CHT (HKLM-x32\...\{86BAE226-C93D-3803-9EED-A3C995B599BD}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Word MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft X MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microtek ScanWizard (HKLM-x32\...\{17A7779A-D23F-11D3-8753-0050BABE1202}) (Version: - )
MINITAB 14 (HKLM-x32\...\InstallShield_{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}) (Version: 14.1 - Minitab)
MINITAB 14 (x32 Version: 14.1 - Minitab) Hidden
MP3 Cutter 1.1.1 (HKLM-x32\...\MP3 Cutter_is1) (Version: - MP3Cutter.org)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
NetTalk By True (HKLM-x32\...\NetTalk_is1) (Version: - )
Nitro Pro 8 (HKLM\...\{F373F779-B86E-4840-86AB-915510F81B30}) (Version: 8.0.7.4 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.195.0 - Tracker Software Products Ltd)
PowerDVD (x32 Version: 9.00.0000 - CyberLink Corp.) Hidden
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.978 - RStudio)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart Card Reader Driver 1.0.7.73 (HKLM-x32\...\Smart Card Reader Driver and Card Icon Program_is1) (Version: - )
SPSS 16.0 (HKLM-x32\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
SQL Server 2008 (KB2546951) 的 Service Pack 3 (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 的 Service Pack 1 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TreeAge Pro 2011 (HKLM\...\TreeAge Pro 2011) (Version: - )
TreeAge Pro Excel (HKLM-x32\...\TreeAge Pro Excel) (Version: - )
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0018-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-001B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.VISPRO_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{90D44684-FCA7-4674-A91E-EBEAD18F7039}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0DC71935-8DEE-4621-A223-23FD1552E567}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0404-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0055-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0100-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0404-1000-0000000FF1CE}_Office15.PROPLUS_{4224533E-EFAC-4B33-AD8A-1C486FC92C40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0404-1000-0000000FF1CE}_Office15.VISPRO_{4224533E-EFAC-4B33-AD8A-1C486FC92C40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.VISPRO_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.OMUI.en-us_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.VisMUI.en-us_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.OMUI.en-us_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.VisMUI.en-us_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EADBF225-163E-406B-B11A-26ECCCAB5A0E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889940) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{36772E16-D3FA-440E-B001-0BEB2B1FCE47}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889940) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{36772E16-D3FA-440E-B001-0BEB2B1FCE47}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00BA-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.VISPRO_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00A1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-001A-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0404-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0404-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0054-0404-1000-0000000FF1CE}_Office15.VISPRO_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0054-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Weka 3.6.5 (HKLM\...\Weka 3.6.5) (Version: 3.6.5 - Machine Learning Group, University of Waikato, Hamilton, NZ)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
Windows Software Development Kit EULA (x32 Version: 8.59.25584 - Microsoft Corporations) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Worms Reloaded (HKLM-x32\...\Worms Reloaded_is1) (Version: - )
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
嘸蝦米輸入法 7.0 標準版 (HKLM\...\BoshiamyIME) (Version: 7, 0, 4, 433 - 行易有限公司)

Hendry Lukito · Oct 18, 2014

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

16-10-2014 10:28:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-10-15 11:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {264DC165-5B2C-4A0D-AC63-41F98ACF10F6} - System32\Tasks\{B86C0079-EAC9-45EE-8920-EDF8816ADA6C} => Firefox.exe http://ui.skype.com/ui/0/6.1.59.129/en/abandoninstall?page=tsProgressBar
Task: {287B40C0-12CE-481E-8AD9-D3FAD258A104} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {573AA68C-D296-40C0-9474-3A93502DF63B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {606E4A54-849B-4A5D-9163-9A143F637994} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
Task: {652FD2CF-6339-4588-84B3-8ED58C6E8214} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
Task: {81F2E762-3155-49F8-A291-ACC4DE4F2446} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {BA3363F3-4978-4DA6-9FB6-F442C7B67594} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {D56E530D-7774-48C4-B84C-71FE2D79AB6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for USER-PC-Hendry Lukito USER-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D9915165-A947-450F-B307-18C2E37E8090} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EC4C4E6E-7E27-4D48-BC07-40FDF96AFFB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-21 08:18 - 2011-09-21 08:18 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
2011-09-21 08:18 - 2011-09-21 08:18 - 07377920 _____ () C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-21 08:49 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-16 13:53 - 2014-09-16 13:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-17 14:46 - 2014-10-10 10:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 14:46 - 2014-10-10 10:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 14:46 - 2014-10-10 10:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 14:46 - 2014-10-10 10:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 14:46 - 2014-10-10 10:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp

1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2917960761-3470745484-3326223250-500 - Administrator - Disabled)
Guest (S-1-5-21-2917960761-3470745484-3326223250-501 - Limited - Disabled)
Hendry Lukito (S-1-5-21-2917960761-3470745484-3326223250-1211 - Administrator - Enabled) => C:\Users\Hendry Lukito
MA007 (S-1-5-21-2917960761-3470745484-3326223250-1210 - Administrator - Enabled) => C:\Users\MA007
USER (S-1-5-21-2917960761-3470745484-3326223250-1000 - Administrator - Enabled) => C:\Users\USER

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Error: (10/18/2014 00:07:18 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.

Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Error: (10/18/2014 00:06:02 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.

System errors:
=============
Error: (10/18/2014 00:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/18/2014 00:06:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:06 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/18/2014 00:06:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description:

Error: (10/18/2014 00:07:18 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA)

Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description:

Error: (10/18/2014 00:06:02 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA)

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

Server stack trace:
at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
Description:

Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
Description: Report Server Windows Service (BUNJIRA)

CodeIntegrity Errors:
===================================
Date: 2014-10-15 11:21:07.015
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 11:21:06.969
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-31 18:10:38.237
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 17:50:22.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 17:28:58.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 17:21:21.812
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 16:16:46.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 15:53:28.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-31 15:31:57.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-08-30 19:08:59.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 28559.21 MB
Available physical RAM: 23503.86 MB
Total Pagefile: 57116.61 MB
Available Pagefile: 51227.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.78 GB) (Free:49.73 GB) NTFS
Drive d: () (Fixed) (Total:232.88 GB) (Free:134.09 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:976.56 GB) (Free:919.08 GB) NTFS
Drive h: () (Fixed) (Total:1071.34 GB) (Free:274.08 GB) NTFS
Drive I: (IR1_CPRA_X64FREV_ZH-TW_DV5) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FCC58E5)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: B6A494A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1071.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Broni · Oct 18, 2014

roboot64.exe seems to be coming from Advanced System Optimizer, some registry tweaking tool. You don't want that.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

You have number of this type of errors in Event Viewer:

Error: (10/18/2014 00:06:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Click Start button and in "Start search" type:
cmd
Hold CTRL and SHIFT buttons and press Enter.
Command prompt window will open.
Paste this in:
chkdsk /r (<------watch for "space")
Press Enter.
Chkdsk will run.
Reboot.
Download ListChkdskResult.exe (by SleepyDude) from the link below:
https://dl.dropboxusercontent.com/u/12354842/My Tools/ListChkdskResult.exe
Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post

Hendry Lukito · Oct 20, 2014

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Hendry Lukito at 2014-10-20 12:07:03 Run:1
Running from C:\Users\Hendry Lukito\Desktop
Loaded Profile: Hendry Lukito (Available profiles: USER & MA007 & Hendry Lukito)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
S2 ASPI32; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe
C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp

1B5B4F1

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
ASPI32 => Service deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
VIAHdAudAddService => Service deleted successfully.
C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => "

1B5B4F1" ADS removed successfully.

==== End of Fixlog ====

Hendry Lukito · Oct 20, 2014

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 10/20/2014 2:13:56 PM >------
Category: 0
Computer Name: USER-PC
Event Code: 1001
Record Number: 1717833
Source Name: Microsoft-Windows-Wininit
Time Written: 10-20-2014 @ 06:10:50
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x11fe3.
878080 file records processed.

File verification completed.
1215 large file records processed.

0 bad file records processed.

2 EA records processed.

100 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
998536 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
878080 file SDs/SIDs processed.

Cleaning up 3861 unused index entries from index $SII of file 0x9.
Cleaning up 3861 unused index entries from index $SDH of file 0x9.
Cleaning up 3861 unused security descriptors.
CHKDSK is compacting the security descriptor stream
60229 data files processed.

CHKDSK is verifying Usn Journal...
37594368 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x72997000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x729a1000 for 0x1000 bytes.
Windows replaced bad clusters in file 331450
of name \PROGRA~2\MI3EDC~1\100\Shared\MSMDRE~1.DLL.
878064 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
13252142 free clusters processed.

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

244091609 KB total disk space.
189663816 KB in 794968 files.
428760 KB in 60232 indexes.
4 KB in bad sectors.
990457 KB in use by the system.
65536 KB occupied by the log file.
53008572 KB available on disk.

4096 bytes in each allocation unit.
61022902 total allocation units on disk.
13252143 allocation units available on disk.

Internal Info:
00 66 0d 00 a8 0c 0d 00 71 72 18 00 00 00 00 00 .f......qr......
6e 04 00 00 64 00 00 00 00 00 00 00 00 00 00 00 n...d...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------

Broni · Oct 20, 2014

How is computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Internet Explorer users - Click on this link to open ESET OnlineScan.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
- Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
  [/LIST]
  [*]Check [I]"YES, I accept the Terms of Use."[/I]
  [*]Click the [b]Start[/b] button.
  [*]Accept any security warnings from your browser.[/*]
  [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
  [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
  Do NOT checkmark [I]"Use custom proxy settings"[/I]
  [*]Click the [b]Start[/b] button.
  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  [*]When the scan completes, click [b]List Threats[/b][/*]
  [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  [*]Click the [b]Back[/b] button.
  [*]Click the [b]Finish[/b] button.
  [/LIST]

Hendry Lukito · Oct 20, 2014

I think it's doing just fine now. Since the roguekiller enable to detect and fix the dwm.exe, all CPU works normally when idle. I'm on work now. Will do the scans tonight.
oh and also, I'm planning to do a cleaning for my laptop, even though I'm not sure is there any harmful malwares since they don't make it into surface like dwm.exe. Would you mind to help me once again scanning my laptop later?

Broni · Oct 20, 2014

Not a problem but create new topic for it.

Solved Dwm.exe in AppData\local\temp\msupdate71 consumes 100% of CPU

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Attachments

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Attachments

Posts: 24 +0

Posts: 24 +0

Posts: 56,041 +516

Posts: 24 +0

Posts: 56,041 +516

Similar threads